Protecting applications with the use of application metadata

Instructions on how to protect applications using application metadata in ACP

Note

Application metadata can be used for validating policies. It enables, for example, blocking the scope assignment to an application identified with specific metadata.

Prerequisites

  • You can log in to ACP as an administrator.
  • You have at least one application in ACP.

Select workspace

  1. Navigate to the ACP portal in your browser and log in with your credentials.

  2. On the ACP home page, go to CHANGE WORKSPACE in the sidebar and click it to preview the available options.

  3. From the CHANGE WORKSPACE menu, select a workspace that you want to configure.

  1. In the workspace, select Applications from the sidebar.

  2. In the Applications view, select the application whose metadata you want to check.

  3. In the application view, select the Metadata tab.

Configure app metadata

  1. In the Metadata view, select the Client metadata tab.

  2. In the Client metadata view, update an existing JSON or enter a new one.

  3. When your JSON is ready, select SAVE CHANGES.

Result

You’ve configured metadata for the application and you are able to use this data for your purposes.

Create policy

  1. Select Policies from the sidebar.

  2. In the Policies view, select CREATE POLICY.

  3. In the Create Policy view, select the policy type from the drop-down list by setting it to User, Machine to machine, or Dynamic Client Registration.

    Note

    Policy types that support the client-metadata validator are: User, Machine to machine, and Dynamic Client Registration.

  4. Still in the Create Policy view:

    1. Enter Policy name.
    2. Enter Display name.
    3. Set Policy language to CLOUDENTITY.
    4. Select CREATE to proceed.

  5. In the policy generating engine, select ADD VALIDATOR.

  6. From the fly-out Add new validator pane, select Client.

  7. In the Client validator, select ADD FIELD.

  8. In the Cross context condition editor:

    1. Enter the name of a client-content attribute that you want to use, for example client_id.
    2. Select an attribute operator, for example, contains.
    3. Enter a value (target) for your attribute that would validate the policy, for example auth21.
    4. Select SAVE to complete the field setup.

  9. When you have finished adding fields, select the OK icon in the top right corner.

  10. When you have finished adding validators, select SAVE to complete the policy setup.

Result

Your policy validating application metadata is ready to be used.
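
The field set up in step 8 (attribute name, operator, target value) can be read as a predicate over the client's attributes. The Python model below is an added example, not ACP code or its API: the names Field, field_matches and validator_passes, the equals operator, the all-fields-must-match rule and the fail-closed handling of missing attributes are assumptions made for illustration, and the client records are constructed.

```python
# Illustrative model only: not ACP's policy engine or API.
from dataclasses import dataclass
from typing import Any, Mapping


@dataclass(frozen=True)
class Field:
    attribute: str  # client attribute name, e.g. "client_id"
    operator: str   # "contains" is from the page; "equals" is assumed
    target: str     # value entered in the editor, e.g. "auth21"


def field_matches(field: Field, client: Mapping[str, Any]) -> bool:
    """Evaluate one field; anything unexpected counts as a failed check."""
    value = client.get(field.attribute)
    if not isinstance(value, str):
        return False  # missing or non-string attribute: fail closed
    if field.operator == "contains":
        return field.target in value
    if field.operator == "equals":
        return value == field.target
    return False  # unknown operator: fail closed


def validator_passes(fields: list[Field], client: Mapping[str, Any]) -> bool:
    """Assumption: every field must match; a validator with no fields passes nothing."""
    return bool(fields) and all(field_matches(f, client) for f in fields)


# The field from step 8: client_id contains auth21.
FIELDS = [Field("client_id", "contains", "auth21")]

# Constructed client records, not real ACP data.
CLIENTS = [
    {"client_id": "auth21-mobile"},    # matches
    {"client_id": "billing-app"},      # target not present
    {"client_name": "no id present"},  # attribute missing
    {"client_id": 2100},               # wrong type
]

if __name__ == "__main__":
    for client in CLIENTS:
        verdict = "pass" if validator_passes(FIELDS, client) else "fail"
        print(f"{client!r}: {verdict}")
```

Running the same check over a copy of your own client records before saving the policy shows which applications the field would match and which it would reject.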

Next steps

Use the application metadata for various authorization operations on the 3rd party application in ACP. See, for example, Protecting scopes with access policies as a reference.